Configure SMTP and IMAP Email Management

Note:

There are configuration fields in the ATP Appliance Web UI for various SMTP options, but IMAP allows for no configuration at this time. IMAP is either permitted or denied based on scanning verdicts and policies configured on the SRX Series Firewall.

By default, for both SMTP and IMAP, attachments are allowed unless they are found to be malicious. If an attachment is malicious, it appears in the Incidents tab with the threat source and target listed as an email address. Quarantining of email attachments is not supported at this time.

With Email Management, enrolled SRX Series Firewalls transparently submit potentially malicious email attachments to ATP Appliance for inspection. Once an attachment is evaluated, ATP Appliance assigns the file a threat score. That score is between 0 and 1, with 1 being the most malicious.

ATP Appliance assigns threat scores using the following values. Note that ATP Appliance and SRX use different threat level thresholds. See the ATP Appliance and SRX Series Threat Level Comparison Chart for information.

Table 1: Threat Score Values

| Value | Severity |
|-------|----------|
| 0     | Benign   |
| .25   | Low      |
| .50   | Medium   |
| .75   | High     |
| 1.0   | Critical |

Note:

If an email contains no attachments, it is allowed to pass without any analysis.

Benefits of Email Management

  • Allows attachments to be checked against allowlists and blocklists.

  • Prevents users from opening potential malware received as an email attachment.

Emails are checked against global blocklists and allowlists using information such as Envelope From (MAIL FROM), Envelope To (RCPT TO), Body Sender, and Body Receiver. If an email matches the allowlist, that email is allowed through without any scanning. If an email matches the blocklist, it is considered to be malicious and is treated as such.

To configure SMTP email management options:

  1. From the Config tab, navigate to System Profiles > SRX settings. The SMTP configuration fields are in the middle of the page.
  2. You can configure ATP Appliance to take one of the following actions when an email attachment is determined to be malicious:

    Action to take:

    • Deliver malicious messages with warning headers added—When you select this option, headers are added to emails that most mail servers recognize and filter into Spam or Junk folders.

    • Permit—You can select to permit the email and the recipient receives it intact.

    SMTP header:

    • X-Distribution (Bulk, Spam)—Use this header for messages that are sent to a large distribution list and are most likely spam. You can also select “Do not add this header.”

    • X-Spam-Flag—This is a common header added to incoming emails that are possibly spam and should be redirected into spam or junk folders. You can also select “Do not add this header.”

    • Subject Prefix—You can prepend headers with information for the recipient, such as "Possible Spam."

  3. Click the Submit button to finish and save.
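
To confirm that downstream mail filtering acts on the warning markers chosen in step 2, the following added example (not Juniper code) parses a delivered message and reports which markers it carries. The `YES` value for X-Spam-Flag is an assumption, the `Bulk`/`Spam` values and the "Possible Spam" prefix follow the option labels above, and the function names are hypothetical; match all of them to what your appliance actually emits.

```python
from email import message_from_string, policy

# Assumptions (not stated on this page): X-Spam-Flag is set to "YES", X-Distribution
# to "Bulk" or "Spam", and the configured Subject Prefix is "Possible Spam".
SUBJECT_PREFIX = "Possible Spam"
DISTRIBUTION_VALUES = {"bulk", "spam"}

def warning_markers(raw_message: str) -> list[str]:
    """Return the warning markers found in a delivered message."""
    msg = message_from_string(raw_message, policy=policy.default)
    found = []
    # Header names are case-insensitive; get_all() also catches duplicate headers.
    flags = [str(v).strip().lower() for v in msg.get_all("X-Spam-Flag", [])]
    if "yes" in flags:
        found.append("X-Spam-Flag")
    dists = [str(v).strip().lower() for v in msg.get_all("X-Distribution", [])]
    if DISTRIBUTION_VALUES.intersection(dists):
        found.append("X-Distribution")
    # policy.default decodes RFC 2047 encoded words and unfolds long subjects.
    subject = str(msg.get("Subject", "")).strip()
    if subject.lower().startswith(SUBJECT_PREFIX.lower()):
        found.append("Subject-Prefix")
    return found

def route(raw_message: str) -> str:
    """Folder a downstream filter should pick: Junk if any marker is present."""
    return "Junk" if warning_markers(raw_message) else "Inbox"

# Constructed sample messages (not captured traffic).
TAGGED = (
    "From: sender@example.com\n"
    "To: user@example.net\n"
    "x-spam-flag: YES\n"
    "X-Distribution: Bulk\n"
    "Subject: =?utf-8?q?Possible_Spam=3A_Invoice?=\n"
    "\n"
    "See attachment.\n"
)
CLEAN = (
    "From: sender@example.com\n"
    "To: user@example.net\n"
    "X-Spam-Flag: NO\n"
    "Subject: Re: Possible Spam report from last week\n"
    "\n"
    "Thanks.\n"
)

if __name__ == "__main__":
    for name, raw in (("tagged", TAGGED), ("clean", CLEAN)):
        print(name, warning_markers(raw), route(raw))
```

Because the Permit action delivers the message intact and quarantining is not supported, a message that arrives with none of these markers has not necessarily been judged benign; check the Incidents tab for the verdict.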